ldapsearch and base64 encoding

ldapsearch is a very nice tool, but there is one small problem: if an attribute's value contains any special characters (anything outside the range of printable ASCII characters), the value is base64 encoded.

So for
ldapsearch -x -h abook.rwth-aachen.de -LLL -b o=abook sn='brüns' cn
the results are:
dn: uid=Stefan.Bruens@rwth-aachen.de, ou=datenbank, o=abook
cn:: U3RlZmFuIEJyw7xucw==

The following snippet helps (it needs GNU awk, because it uses the |& coprocess operator):
alias un64='awk '\''BEGIN{FS=":: ";c="base64 -d"}{if(/\w+:: /) {print $2 |& c; close(c,"to"); c |& getline $2; close(c); printf("%s:: \"%s\"\n", $1, $2); next} print $0 }'\'''

Results:
ldapsearch -x -h abook.rwth-aachen.de -LLL -b o=abook sn='brüns' cn | un64
dn: uid=Stefan.Bruens@rwth-aachen.de, ou=datenbank, o=abook
cn:: "Stefan Brüns"

Warning: Of course this works for attributes with printable characters only. LDAP can contain binary data, e.g. images of the user in JPEG format.
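
The alias above handles only values that sit on one line and decode to printable text. The following shell function is an added example, not part of the original post: it first unfolds LDIF continuation lines (RFC 2849 wraps long values onto lines that start with a single space) and leaves a value encoded when it is not valid base64 or decodes to bytes containing control characters. The sample DN and the jpegPhoto value are constructed, and a base64 utility that accepts -d is assumed.

```sh
# un64: read LDIF on stdin, unfold continuation lines, decode "attr:: <base64>"
# values that are plain text, and pass every other line through unchanged.
# Assumes a base64 utility that accepts -d (GNU coreutils).
un64() {
    # RFC 2849 folding: a line starting with one space continues the previous one.
    awk '
        /^ /   { buf = buf substr($0, 2); next }
        NR > 1 { print buf }
               { buf = $0 }
        END    { if (NR > 0) print buf }
    ' | while IFS= read -r line; do
        attr=${line%%:*}             # text before the first colon
        rest=${line#"$attr"}         # first colon and everything after it
        case $rest in
            ::*) ;;                  # "::" marks a base64 value
            *)   printf '%s\n' "$line"; continue ;;
        esac
        b64=${rest#::}
        b64=${b64#"${b64%%[! ]*}"}   # drop the spaces after "::"
        # Decode only if the input is valid base64 and the decoded bytes hold no
        # control characters (NUL, ESC, newline, ...). Bytes 0x80-0xFF pass as
        # presumed UTF-8. This keeps JPEGs and other binary values, and terminal
        # escape sequences, off the screen.
        if printf '%s' "$b64" | base64 -d >/dev/null 2>&1 &&
           [ "$(printf '%s' "$b64" | base64 -d |
                LC_ALL=C tr -d '\11\40-\176\200-\377' | wc -c)" -eq 0 ]
        then
            printf '%s:: "%s"\n' "$attr" "$(printf '%s' "$b64" | base64 -d)"
        else
            printf '%s\n' "$line"    # binary or invalid: keep the encoded form
        fi
    done
}

# Constructed sample: the cn value from above, folded by hand, plus the first
# bytes of a JPEG header as a binary value.
printf 'dn: uid=x, o=abook\ncn:: U3RlZmFuIEJy\n w7xucw==\njpegPhoto:: /9j/4AAQ\n' | un64
```

With OpenLDAP's ldapsearch, the option -o ldif-wrap=no turns folding off at the source; the unfolding step still matters for LDIF that comes from files or other tools.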

3 thoughts on “ldapsearch and base64 encoding”

  1. lusonix says:

    This is cool and works if the encoded base64 is on one line only.

    If there are multiple lines, it does not work!

    Multiple lines appear like this:

    name:: SOMEBASE64ENCODEDSTRINGTHATRESULTHAS72CHARS
    SOMEBASE64ENCODEDSTRINGTHATRESULTHAS72CHARS
    THERESTOFTHESTRINGLOWERTHAN72CHARS

    (the 2nd and 3rd lines start with a space, which has to be removed on result)

    Hope you can enhance your script to support multiple lines.

    The reason upon which the 72 chars limit exists, if I recall correctly, is related to MIME and/or mail protocols.

    Cheers
